1. 31 May, 2016 2 commits
  2. 27 May, 2016 5 commits
  3. 26 May, 2016 1 commit
  4. 25 May, 2016 2 commits
  5. 21 May, 2016 1 commit
  6. 19 May, 2016 1 commit
    • rswindell's avatar
      Implement IP temporary ban: · ee159c40
      rswindell authored
      By default, after 20 consecutive (unique) failed login attempts, *or*
      a failed login attempt wtih a name from the name.can filter file.
      The default temporary ban duration is 10 minutes.
      The temporary ban thershold is configurable via LoginAttemptTempBanThreshold
      in sbbs.ini and the ban duration is configurable via LoginAttemptTempBanDuration
      (in seconds).
  7. 18 May, 2016 3 commits
  8. 14 May, 2016 1 commit
    • deuce's avatar
      Make the IRC_Queue recv (and the new send) method take a socket argument · f997cf33
      deuce authored
      instead of a string argument.  They perform the send/recv themselves using
      a buffer.
      This allows taking advantage of non-blocking sockets (in new Synchronet
      builds) to be much more responsive.
      This should still be compatible with the old socket.send implementation.
      The *first* send it does in blocking mode and detects if it's the new or
      old socket.send implementation and sets a global variable.  Future sends
      know if it's the old or new API and treats them accordingly.
      This may make new ircd running on an old build slightly less responsive
      when a new user joins or when a new link is established since it blocks
      all other ircd activity until the entire send queue has been transmitted (or
      the connection is terminated).
  9. 13 May, 2016 5 commits
    • rswindell's avatar
      Fix bug introduced in rev 167 (the IPv6 commit): · b4049a3e
      rswindell authored
      calling Socket.bind() with an undefined hostname parameter would result in a
      getaddrinfo() failure, e.g. on Windows, WSAHOST_NOT_FOUND 11001
      The ircd.js passes the value of server.interface_ip_address to socket.bind()
      and when run from jsexec, this property is not defined. So you couldn't run the
      ircd from jsexec or you'd get "!Error 0 binding socket to TCP port xxx".
      Also now setting the socket last_error value upon getaddrinfo() failure so
      if there is a failure, the error message won't include the erroneous "Error 0".
    • deuce's avatar
      Fix long-standing problem POSTing very large entities (when using new · 5fde6960
      deuce authored
      Synchronet builds).  Use multiple send()s when needed.
    • deuce's avatar
      Handle new send() return value in the same manner. This can be fixed more · 7377a4c0
      deuce authored
      correctly now though.
    • deuce's avatar
      "Fix" send return value usage. · 5dbe9d1d
      deuce authored
    • deuce's avatar
      Fix socket.send() so that it returns the number of bytes sent. The · 698ca0bd
      deuce authored
      underlying send() function is free to send a subset of the bytes, and
      occasionally does (especially on non-blocking sockets).  The return value
      was true if all bytes were sent or false if not all bytes were sent.
      The new behaviour is to return the number of bytes sent or null on failure.
      This is mostly compatible with existing code which appears to universally use
      if (!sock.send(str))
      Cases where it's not compatible are when a zero-length string is sent.  The
      handling of errors is slightly different now too... previously, if you
      retransmitted on failure, the stream would "stutter" now it will have
  10. 12 May, 2016 4 commits
    • deuce's avatar
      Various fixups with an eye to reducing latency and fixing ping timeouts · e38cf4ae
      deuce authored
      1) Don't use socket.recvline() on non-blocking sockets.  Instead, have
         the recvq object parse lines and receive 64k at a time.
      2) Pass all received data through the recvq object rather than attempt
         to process one command per recv().
      3) Pass all data sent on established connections through the sendq
         object rather than only use it if send() fails.
      4) Move client throttling completely into ircd_user.js and out of
         the queue processing function so we don't accidentally throttle
         server connections.
      5) send() the entire sendq contents as a single send() rather than one
         line per main loop.
      6) Parse the entire recvq each time through the main loop.  This
         requires tracking when an unregistered connection is replaced by
         either a client or a server connection.
    • deuce's avatar
      Re-order load()s · b41701b9
      deuce authored
    • nightfox's avatar
      SlyEdit version 1.49 - Bug fix: Updated the command key help screen to use the... · 99eaafdd
      nightfox authored
      SlyEdit version 1.49 - Bug fix: Updated the command key help screen to use the standard Synchronet pause function at the end so that Synchronet can use a custom pause script if one is configured in text.dat.
    • nightfox's avatar
      Version 1.12: Updated the way the pause prompt is shown in the help screen, in... · 0ca15c8c
      nightfox authored
      Version 1.12: Updated the way the pause prompt is shown in the help screen, in case the sysop has configured an external module (Baja/JS) to run for a pause prompt.  Also made a potential bug fix: When translating a message number to a message index, added a check to ensure the value is a number, to (hopefully) avoid a potential crash.
  11. 09 May, 2016 3 commits
    • rswindell's avatar
      Introduced sbbsecho.ini advanced setting (not yet exposed in echocfg): · 4ea509a0
      rswindell authored
      StrictPacketPasswords (default is "true").
      If you want SBBSecho v3 to behave like SBBSecho v2 with regards to packet
      passwords for linked-nodes with *no* configured packet password, set this value
      to "true" in your sbbsecho.ini file. I don't recommend doing this if you care
      about the "security" of your echomail, but some sysops have been bitten by the
      strict enforcement of the configured password in SBBSecho v3.
      I also fixed some (but not all) of the signed/unsigned value comparison
      warnings reported by msvc2013. Hopefully this didn't introduce any stupid bugs.
    • rswindell's avatar
      If login_prompts is set in the [login] section of ctrl/modopts.ini, use that · f3a748fd
      rswindell authored
      value (instead of the hard-coded 10) to limit the number of login prompts
      displayed before disconnecting the user. A failed password attempt counts as
      "2 prompts".
    • rswindell's avatar
      Fix login_attempted() for IPv4 at least (I can't test for IPv6, Deuce?). · 8a042fb5
      rswindell authored
      This has been broken (did not track consecutive failed login attempts from
      the same client IP address) since the IPv6 commit of Aug-2015. I only noticed
      this wasn't working when I was documenting the "auto-block hackers" feature
      on the Wiki and noticed that every failed login (even those from the same IP)
      was listed as a separate entry in the "Failed Logins" list (e.g.
      sbbsctrl->View->Login Attempts). Ugh.
  12. 30 Apr, 2016 1 commit
  13. 28 Apr, 2016 1 commit
  14. 27 Apr, 2016 2 commits
  15. 24 Apr, 2016 5 commits
  16. 23 Apr, 2016 3 commits